www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

AcceptPathInfo was totally backwards... it would reject when set to on and

Browse Source 
by default and accept when set to off for the default handler, and would
reject only if set to accept for mod_cgi(d) and mod_isapi.

PR: 8234


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94751 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Cliff Woolley
2002-04-22 08:08:38 +00:00
parent a040b262c5
commit 768d65eeac
5 changed files with 25 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,4 +1,7 @@
Changes with Apache 2.0.36
*) Fix AcceptPathInfo. PR 8234 [Cliff Woolley]
*) [Security] Added the APLOG_TOCLIENT flag to ap_log_rerror() to
explicitly tell the server that warning messages should be sent
to the client in addition to being recorded in the error log.

6
modules/arch/win32/mod_isapi.c
View File

@@ -362,8 +362,12 @@ apr_status_t isapi_handler (request_rec *r)
if (r->finfo.filetype != APR_REG)
return HTTP_FORBIDDEN;
if (r->path_info && *r->path_info && !r->used_path_info)
if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) &&
r->path_info && *r->path_info)
{
/* default to accept */
return HTTP_NOT_FOUND;
}
/* Load the isapi extention without caching (sconf == NULL)
* but note that we will recover an existing cached module.

5
modules/generators/mod_cgi.c
View File

@@ -627,7 +627,10 @@ static int cgi_handler(request_rec *r)
return log_scripterror(r, conf, HTTP_FORBIDDEN, 0,
"attempt to invoke directory as script");
if (r->path_info && *r->path_info && !r->used_path_info) {
if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) &&
r->path_info && *r->path_info)
{
/* default to accept */
return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
"AcceptPathInfo off disallows user's path");
}

5
modules/generators/mod_cgid.c
View File

@@ -1063,7 +1063,10 @@ static int cgid_handler(request_rec *r)
return log_scripterror(r, conf, HTTP_FORBIDDEN, 0,
"attempt to invoke directory as script");
if (r->path_info && *r->path_info && !r->used_path_info) {
if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) &&
r->path_info && *r->path_info)
{
/* default to accept */
return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
"AcceptPathInfo off disallows user's path");
}

15
server/core.c
View File

@@ -3102,11 +3102,11 @@ static int core_override_type(request_rec *r)
/* Deal with the poor soul who is trying to force path_info to be
* accepted within the core_handler, where they will let the subreq
* address it's contents. This is toggled by the user in the very
* address its contents. This is toggled by the user in the very
* beginning of the fixup phase, so modules should override the user's
* discresion in their own module fixup phase. It is tristate, if
* discretion in their own module fixup phase. It is tristate, if
* the user doesn't specify, the result is 2 (which the module may
* interpret to it's own customary behavior.) It won't be tounched
* interpret to its own customary behavior.) It won't be touched
* if the value is no longer undefined (2), so any module changing
* the value prior to the fixup phase OVERRIDES the user's choice.
*/
@@ -3187,7 +3187,10 @@ static int default_handler(request_rec *r)
return HTTP_NOT_FOUND;
}
if (!(r->used_path_info & 1) && r->path_info && *r->path_info) {
if ((r->used_path_info != AP_REQ_ACCEPT_PATH_INFO) &&
r->path_info && *r->path_info)
{
/* default to reject */
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
"File does not exist: %s",
apr_pstrcat(r->pool, r->filename, r->path_info, NULL));
@@ -3939,10 +3942,10 @@ static int core_create_req(request_rec *r)
ap_set_module_config(r->request_config, &core_module, req_cfg);
/* Begin by presuming any module can make it's own path_info assumptions,
/* Begin by presuming any module can make its own path_info assumptions,
* until some module interjects and changes the value.
*/
r->used_path_info = 2;
r->used_path_info = AP_REQ_DEFAULT_PATH_INFO;
return OK;
}